hacking

A brute force attack is simply a trial-and-error process that runs repeatedly to obtain the correct username and password. Automated software is used in this process; it does not decrypt the information but just keeps trying combinations from a set of words and letters. Millions of IPs and a huge number of computers are involved in this process to check different username and password combinations and avoid triggering multiple-attempt limits.

Choose your extensions wisely - one basic rule when you develop a Joomla site. And the same applies to you, weekend webmasters! Your site is a sitting duck, waiting for hackers (especially script kiddies). Well, that's easy to say, but what counts as a "wise" choice here?

By comparing infected files with known good files (from official sources or reliably clean backups) you can identify and remove malicious changes.

Caution

It is important that you compare the same version of your Joomla! core files and extensions. Core files on the 2.x branch are not the same as the 3.x branch and so on.

Never perform any actions without a backup. If you’re unsure, please seek assistance from a professional.

To manually remove a malware infection from your Joomla! files:

Log into your server via SFTP or SSH.

Create a backup of the site files before making changes.

Search your files for references to the malicious domains or payloads you noted.

Identify recently changed files and confirm whether they are legitimate.

Review files flagged by the diff command during the core file integrity check.

Restore or compare suspicious files with clean backups or official sources.

Remove any suspicious or unfamiliar code from your custom files.

Test to verify the site is still operational after changes.

If you can't find the malicious content, try searching the web for malicious content, payloads, and domain names that you found in the first step. Chances are that someone else has already figured out how those domain names are involved in the hack you are attempting to clean.
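The read-only checks from the steps above (diff against a clean copy of the same version, list recently changed files, search for noted indicators), as an added example that is not part of the original page. The function names, the demo directory layout and the `malicious.example` indicator are constructed for illustration.

```shell
#!/bin/sh
# Read-only triage helpers for the manual clean-up steps above.
# CLEAN = unpacked official package of the SAME version as SITE (the live web root).

# Files that differ from the clean copy, or exist on one side only.
changed_vs_clean() {   # usage: changed_vs_clean CLEAN SITE
    LC_ALL=C diff -rq "$1" "$2" || [ $? -eq 1 ]   # exit 1 only means "differences found"
}

# Files modified within the last DAYS days.
recent_files() {       # usage: recent_files SITE DAYS
    find "$1" -type f -mtime "-$2" | sort
}

# Files containing any fixed string listed (one per line) in INDICATORS.
indicator_hits() {     # usage: indicator_hits SITE INDICATORS
    grep -rlFf "$2" "$1" | sort
}

# Constructed demo trees (sample data, not taken from a real site).
make_demo() {          # usage: make_demo DIR
    mkdir -p "$1/clean/libraries" "$1/site/libraries" "$1/site/images"
    echo '<?php // core index' > "$1/clean/index.php"
    echo '<?php // core loader' > "$1/clean/libraries/loader.php"
    cp "$1/clean/index.php" "$1/site/index.php"
    # Tampered core file that references a constructed indicator domain.
    printf '%s\n' '<?php // core loader' \
        '/* injected */ $u = "http://malicious.example/x.js";' \
        > "$1/site/libraries/loader.php"
    # File that does not exist in the clean package at all.
    echo '<?php /* unknown upload */' > "$1/site/images/cache.php"
    echo 'malicious.example' > "$1/indicators.txt"
    # Untouched file gets an old timestamp so only real changes look recent.
    touch -t 202001010000 "$1/site/index.php"
}

demo=$(mktemp -d)
make_demo "$demo"
echo "== differs from clean copy =="; changed_vs_clean "$demo/clean" "$demo/site"
echo "== modified in last 7 days =="; recent_files "$demo/site" 7
echo "== indicator hits ==";          indicator_hits "$demo/site" "$demo/indicators.txt"
```

A directory missing from the clean package is reported by `diff -rq` as a single "Only in" line for the directory, so review its contents file by file.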

Clickjacking is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. On a clickjacked page, the attackers load another page over it in a transparent layer, in most cases using HTML FRAME based techniques. The users think that they are clicking the buttons they are actually seeing, while they are in fact performing actions on the hidden page. This way the attackers can trick users into performing actions which the users never intended. There is no way of tracing such actions to the attackers later, as the users would have been genuinely authenticated on the hidden page.

Cross Site Scripting is a hacking technique whereby malicious scripting code (usually JavaScript) is injected into user input forms (in a similar way to SQL injection attacks) or incorporated in a URL query string.

A Cross Site Request Forgery (CSRF) attack relies on the trust a website has for a user to execute unauthorized requests and/or transactions. For example, say a user is logged into their Joomla! website's administrator interface in one tab and is browsing a compromised site in another tab.

A website is stored within a file system on a server. Some of the server's file system is therefore exposed to the outside world and can be accessed by an end-user's web browser. The part of the file system (or directory structure) that is visible to the outside world is limited to a specific root folder and its contents.

In various blog posts, security bulletins, etc., you can read that you need to get rid of the default "admin" user with Super Administrator privileges (and with the default user ID of 62 or 42, depending on the Joomla version) to prevent hackers from using the well-known username and user ID to start dictionary attacks or carry out successful SQL injection attacks against your site. But how? If you go to the Joomla user manager and simply try to delete it, you can't. What's more, you can't even disable it! WTF... Hey, it's not that complicated! Let me show you how you can do it in a simple and fool-proof way!

Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file, e.g. /home/omg/htdocs/file/. Certain vulnerabilities, such as using load_file() (within a SQL injection query) to view the page source, require the attacker to have the full path to the file they wish to view. The attacker can then use this information to perform other types of attacks.

Pissed off, eh? Me too! After you put together your site (small or big, hobbyist site or a large corporate one) and installed all the security gizmos available out there, you began to receive all kinds of alerts about hacking attempts. This is the good scenario - successful hacking attempts usually aren't reported: you experience the sometimes devastating effects by visiting the site.

Anyway, you will probably get frustrated over time, and you will definitely try to do something beyond just stopping these attacks.

HTTP stands for 'HyperText Transfer Protocol', and it is the mechanism used to transfer data from one computer to another across the Internet. You can use HTTP to request information from a server, or to send information to a client by wrapping the request or data in a 'packet'.

JavaScript hijacking is a technique that an attacker can use to masquerade as a valid user and read sensitive data from a vulnerable Web application, particularly one using Ajax (Asynchronous JavaScript and XML). Nearly all major Ajax applications have been found vulnerable.

If files have been modified on your server, or files have been uploaded for instance, you can check the timestamps on those files to find out when the attacker was on your site. This is typical in the case of sites being defaced or malicious code being injected somewhere. Most of the time, the attacker will have gained access to your site shortly before modifying or uploading files to it.

There are numerous other tactics that can be used to break into a computer system, and these usually involve discovering weaknesses or loopholes in the server software's defenses. When a programmer writes software that runs on a web server, he tries to make sure that the software cannot be abused - but it can be very difficult to foresee every eventuality; vandals and hackers are always pushing software to the limit and trying out operations which the software was not designed to handle, in an attempt to discover a way in.

Clickjacking is a browser security issue and is a vulnerability across a variety of browsers and platforms. A clickjack takes the form of embedded code or a script that can execute without the user's knowledge, such as clicking on a button that appears to perform another function. The hacker installs an invisible layer over the existing site, hijacking the user's clicks. The unsuspecting user will thus perform actions they never intended, from apparently harmless ones, such as following someone on Twitter, to really nasty things, like password or credit card information theft, and anything else you might (not want to) do on a webpage.

This attack consists of changing resource identifiers used by an application in order to perform a malicious task. When an application permits a user input to define a resource, like a file name or port number, this data can be manipulated to execute or access different resources.

Remote File Inclusion (RFI) is a type of vulnerability most often found on websites. It allows an attacker to include a remote file, usually through a script on the web server. Its counterpart, Local File Inclusion (LFI), is basically the same technique, used on sites which have already been successfully penetrated and where the hacker has already "planted" his files on the server.

One popular and potentially devastating method of attack against Joomla powered sites is SQL injection. Any web application that makes use of a database usually communicates with the database for necessary functions using a special language known as 'Structured Query Language', or SQL. Joomla, by the way, uses an open source implementation of this language, MySQL.

Mastering the Web is a never-ending learning process. You can learn from both good and bad examples. Unfortunately, most of us learn from our own mistakes. A well-known situation is that you have a brand new Joomla site, with the latest tricks, stunning design and appealing content, but you are missing a key ingredient of success: the Visitor. And you're wondering why they aren't coming, despite your SEO efforts, such as sending out marketing e-mails to your closest 10.000 "friends", spending nice money on buying incoming links, and lots of postings on every imaginable social marketing site, blog and forum. It's not obvious, but the problem may be in what you did, and not in what you missed. Anyway, here's a mix of things Joomla webmasters usually do wrong. Learn from them, and try to avoid these most common mistakes!